Part A of our privacy policy and the general terms in part E, apply to users of our website and registered members of our services. Our website includes www.goodtobook.com, our database hosted through https://accommsleastwanted.com/ and all other digital or electronic platforms or forums we use, such as email and social media pages.
Part B details important information for guests who have been listed on our platform.
Parts C and D set out additional provisions that relate to regions outside of Australia.
This privacy policy sets out how Good to Book Pty Ltd ABN 89 641 326 570 handles your personal information. We aim for compliance with Australian privacy legislation including the Australian Privacy Principles. If you are an EU resident, we aim for compliance with the GDPR when handling your personal information (see part C). If you are a New Zealand resident, we aim for compliance with the New Zealand Privacy Act 2020 (see part D). Where applicable under California Privacy Legislation, in addition to other sections of this privacy policy, please see the section below regarding do not track signals.
We collect, hold, use and disclose personal information for the purpose of providing you with and letting you know about our services. You may receive updates from us from time to time.
What is personal information?
'Personal information' is information that directly identifies you, such as your name, address, email, or data that could be used on its own or in combination with other data to identify you.
‘Sensitive personal information’ is information about you that requires additional protection such as health information, criminal history, ethnicity, religious beliefs, or sexual preferences. We do not actively collect sensitive information about you and request that you do not unintentionally share it with us. We will take steps to appropriately protect any sensitive information we do receive.
Staying Anonymous
You can browse this website anonymously. You cannot use our user platform anonymously.
If you identify yourself to us, for example, by submitting your details through our website or contacting us by email or phone, at that point we will collect your personal information. If you subscribe as a member of our platform, we will necessarily collect personal information about you as we have obligations to ensure our database is only accessed by known persons.
Minors
Our website is not intended to be used by minors and we do not intentionally collect the personal information of persons under the age of 18. If you are the guardian of a minor and suspect they may have provided us with their personal information, please contact us and request to have the minor’s personal information destroyed.
Collecting personal information
At all times we try to only collect the information we need to keep you updated about our services and your membership, deliver our services and/or to answer your enquiries.
The kind of information that we collect from you may include your:
The main way we collect personal information about you is when you give it to us, for example:
Generally, we will store and retain your personal information for 7 years after the date your most recent membership period was paid up to.
Testimonials
If you provide us with a testimonial, you give us your consent for the use of your name, your business name, image and the date of your testimonial to be displayed on our website, or in our other marketing material, together with the content of the testimonial that you provide.
You agree that we may edit your testimonial (eg. for length) provided that we do not alter the meaning conveyed.
Indirect collection
Other than as disclosed in this policy, we only collect information directly from you, from publicly accessible databases (for example if we verify your ABN or company identifier via a publicly accessible website), or when third parties provide your details to us (eg. a referral). This information forms part of the personal information described in this policy.
Social Networking Services and links to other websites
We may provide links to other websites or use social networking services such as Instagram and Facebook to communicate with the public about our work. These sites have their own privacy policies.
When you communicate with us using these services, we may collect your personal information. We will only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. We encourage you to familiarise yourself with the privacy policies of any service you use. We are not responsible for the privacy policies or privacy practices of any third-party sites.
Disclosure
In general, we use your personal information to provide you with our services, contact you or answer your enquiries. With your permission, we may send you emails about our activities. You may always withdraw your consent and unsubscribe from these emails by clicking on the unsubscribe link or by contacting us using the information set out at the end of this document.
We do not publish your personal information. We may give access to identification data we obtain and transaction records to appropriate and competent advisors or authorities for the purpose of obtaining advice or services (eg. IT services, accounting advice, legal advice).
We will also disclose your information where we are required to do so by law or if requested by Government, law enforcement agencies with jurisdiction in the region where your business is located.
Notifiable data breaches
We have processes in place to identify and manage any data breach. This includes notifying the relevant Privacy Commissioner and affected individuals if required under relevant legislation. To ensure we are always able to contact you, please ensure your contact details remain up-to-date.
This part of our privacy policy (together with part E: General terms) applies to guests who have had their information uploaded to our database after they have stayed at an accommodation operated by one of our members. For EU resident guests, please additionally see part C. For New Zealand residents, please additionally see part D.
This privacy policy sets out how Good to Book Pty Ltd ABN 89 641 326 570 handles your personal information. We aim for compliance with relevant privacy legislation.
We collect, hold, use and disclose personal information for the purpose of providing our services to our members. We do not otherwise sell or give away access to your personal information. If your personal information has been uploaded to our database, this was done by consent given by you at the time you booked your accommodation. We now hold your personal information as a legitimate function of our business. We aim to hold only the minimum personal information required to deliver our services and have designed our platform to limit the types of information an accommodation provider can upload.
Collecting personal information
The main way we collect personal information about you is when an accommodation provider uploads it to our database or when you contact us.
The type of information we will hold about you is designed for users of our platform to identify you and includes your name, address, photo ID, other names you may be known by, possibly the names of persons travelling with you, security or other footage that identifies you and details of any damage or problems encountered by the accommodation provider during your stay.
Generally, unless otherwise required by law, we will store and retain your personal information on our platform for a period of 3 years from the date your name and information were last uploaded to our platform. Your personal information will be securely destroyed after that time.
Social Networking Services and links to other websites
We may provide links to other websites or use social networking services such as Instagram and Facebook to communicate with the public about our work. These sites have their own privacy policies. If you communicate with us using these services, we may collect your personal information. The social networking service will also handle your personal information for its own purposes. We encourage you to familiarise yourself with the privacy policies of any service you use. We are not responsible for the privacy policies or privacy practices of any third-party sites
Who can access your personal information?
Other than as disclosed in this privacy policy, we do not publish your personal information for general public use. As a function of our business, we do make your personal information available on our platform as part of our searchable database for the use of our members.
Registered members of our service such as STAPs and their authorised staff will be able to search our database by guest name. If your details have been uploaded to our database, a member STAP may read the data and the details of what happened with a previous accommodation provider. They may also contact that accommodation provider if they have any questions. Based on the information in our database, an accommodation provider may refuse you accommodation or impose restrictions on your stay (for example, an increased security bond).
If you stay at an accommodation and the accommodation provider uploads your information to the database, your details may also be sent out as an alert to nearby member accommodation services to let them know there is a rogue guest in the area. This may impact your ability to find alternative accommodation.
Law enforcement agencies may also search our database. We will disclose your information where we are required to do so by law or if requested by Government law enforcement agencies with jurisdiction in the region where your accommodation services are located.
Law enforcement agencies will also be able to access your personal information for tracking or enforcement purposes. They may also use our database for BOLO (be on the lookout for) services.
We may give access to identification data we obtain and transaction records to appropriate and competent advisors or authorities for the purpose of obtaining advice or services (eg. IT services, accounting advice, legal advice).
Notifiable data breaches
We have processes in place to identify and manage any data breach. This includes notifying the relevant Privacy Commissioner and affected individuals if required under relevant legislation. If you are an affected individual, we will contact you using your contact details as shown in our database uploaded by your accommodation provider. This means we may not be able to reach you if your contact details subsequently change.
This additional section of our privacy policy relates to residents of the EU. If you are a resident of the EU and any part of this section C conflicts with another part of our privacy policy, the terms of this part C prevail.
'Personal data' or 'personal information' is information that directly identifies you, such as your name and email address, or data that could be used, on its own or in combination with other data, to identify you. Sensitive personal data is information about you that requires additional protection and includes health information, criminal history, ethnicity and religious beliefs or sexual preferences. We do not intentionally collect sensitive personal information about you and request you do not unintentionally share it with us.
We aim for compliance with the General Data Protection Regulations (GDPR). We collect and process the minimum amount of information required to deliver our services.
Under the GDPR, we are a data controller when it comes to your personal information.
We collect, hold, use and disclose personal information for the purpose of providing our services. We do otherwise not sell or give away access to your personal information. If your personal information has been uploaded to our database, this was done by consent given by you at the time you booked your accommodation. We now hold your personal information as a legitimate function of our business. We aim to hold only the minimum personal information required to deliver our services and have designed our platform to limit the types of information an accommodation provider can upload.
If you are a member with us, with your permission, we may use your email address to send you emails about our activities. These emails may contain links to other information. We process this information based on your consent. You may always withdraw your consent and unsubscribe from these emails by clicking on the unsubscribe link at the bottom of the email or by contacting us using the information set out above.
We may process the following categories of personal data about you:
Communication Data that includes any communication that you send to us whether that be through the contact form on our website, through email, text, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.
Customer Data that includes data relating to any purchases of our services such as your name, title, billing address, delivery address, email address, phone number, contact details and purchase details. We process this data to supply the services you have purchased and to keep records of such transactions. Our lawful ground for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.
Guest data that includes data relating to rogue guests that has been uploaded to our database by a member accommodation provider. We process this data to supply our services to registered members of our platform as a legitimate function of our business. Our lawful ground for this processing is the performance of a contract with our members and our legitimate business interests.
User Data that includes data about how you use our website and any online services together with any data that you post for publication on our website or through other online services. We process this data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain back- ups of our website and/or databases and to enable publication and administration of our website, other online services and business. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business.
Technical Data that includes data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system. We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy.
Marketing Data that includes data about your preferences in receiving marketing from us and our third parties and your communication preferences. This data is mostly collected from users of our website. We process this data to enable you to partake in our promotions, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of this advertising. Our lawful ground for this processing is our legitimate interests which in this case are to study how customers use our services, to develop them, to grow our business and to decide our marketing strategy.
We may use Customer Data, User Data, Technical Data and Marketing Data to deliver relevant website content and advertisements to you (including Facebook adverts or other display advertisements) and to measure or understand the effectiveness of the advertising we serve you. Our lawful ground for this processing is legitimate interests which is to grow our business. We may also use such data to send other marketing communications to you. Our lawful ground for this processing is either consent or legitimate interests (namely to grow our business).
We accept payments using Stripe which allows us to sell our services to you. We do not take custody of or store your card details, although our payment processors may store that information on our behalf.
Financial information you provide to a third-party site will be managed according to their own privacy policy. We will share your personal data with our payment service providers only to the extent necessary to process your payments or deal with refunds, disputes or complaints in relation to your payments.
We use automated email functions via third party provider MailerLite. You may opt out of receiving emails via the unsubscribe function contained within the emails.
Privacy policies for our providers can be found here:
Stripe - https://stripe.com/privacy-center/legal
MailerLite.com - https://www.mailerlite.com/legal/privacy-policy
If you are a guest, unless otherwise required by law, we will securely destroy your personal information 3 years after the last time your personal information has been uploaded to our platform by a member of our services.
If you are a member of our platform, we will securely destroy your personal information when it is no longer required for our business purposes. We anticipate this will occur 7 years after you cease to be a member of our platform however this period may always change for compliance purposes with any relevant law of our jurisdiction.
We may share your personal information when required to do so by law or with our professional advisers to obtain advice, for instance if there is a breach of the terms and conditions, or to meet our accounting or compliance obligations. We use your personal data in this manner as a requirement for the legitimate functioning of our business.
Your personal information will necessarily cross international borders and we aim to only use third party providers with relevant certifications in this process (for example EU-US privacy shield participants). See the security section in part E.
Data Rights
Note that some of the rights listed in this section will not apply to data we are using about you within our database for our legitimate business purposes.
In general, under the GDPR, you have the right to ensure:
To ensure this happens, you can -
To achieve this, at your request, and upon production of satisfactory identification, we will tell you what personal data about you is being processed (eg. what information we have stored), on what basis, and by whom.
You may amend inaccurate, incomplete or outdated personal data at any time by contacting us via email at admin@goodtobook.com. Please allow 30 days for us to look into your request and get back to you.
If you decide your data should not be processed for one or more purposes, and we are using your data based on your consent, you may withdraw your consent from using your data in that way.
Please note that we will action your request as soon as practically possible however such a request will not take effect immediately and your data may still be used in the meantime.
You may request that all personal data we have collected about you be deleted from our records and erased from information stored by any third party organisations processing data on our behalf (known as the right to be forgotten).
If you make a request to be forgotten:
If data we have collected about you is processed using automated means, you have the right to receive that data in a structured, machine-readable format and to transmit it to another data controller without hindrance.
We will carefully review privacy rights requests and let you know the outcome of our decision. We will require sufficient identification from you to confirm your identity. There are circumstances where it is lawful for us to not action your request, we will let you know if this applies. Our full details are at the end of this policy.
Embedded content from other websites
Articles on our website may contain embedded content from other websites, like Youtube. For example, videos or images within an article or even whole articles. The embedded data behaves as though you have actually visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking and monitor your interaction with the embedded content, including tracking your interaction with the embedded content if you have an account or are logged in to the other website.
This additional section of our privacy policy relates to residents of New Zealand. If you are a resident of New Zealand and any part of this section D conflicts with another part of our privacy policy, the terms of this part D prevail.
Cross border transfer of data
We may store personal information collected within New Zealand in services located outside of New Zealand. This means your personal information may be stored in another Country. We aim to only use reputable service providers who store and use client data to a standard as high as the requirements of the New Zealand Privacy Act 2020. Additionally, when you signed up with us as an accommodation provider or provided your personal information to a member accommodation provider, you gave us your consent for your personal information to cross borders in this manner.
Data rights
You have the right to find out what personal information we hold about you, to request correction of your personal information and to request the deletion of any personal information collected by us. Note that some of the rights listed in this section will not apply to data we are using about you within our database for our legitimate business purposes. As a guest whose information has been given to us for our business purposes, you have more limited rights.
Please forward any personal information data requests to us by email admin@goodtobook.com. Note that there are circumstances where we are not required to delete or amend your data, even if you request that we do so. We will let you know if this applies. We may ask for proof of identification prior to releasing any information.
If you are not satisfied with our response to any privacy-related concern you may have, you can contact the New Zealand Privacy Commissioner: Office of the Privacy Commissioner email: enquires@privacy.org.nz.
How we use Cookies and other identifiers
We use a range of tools provided by third parties including search engine browsers and our web hosting company, to collect or view website traffic information. These sites have their own privacy policies. We also use cookies and session tools to improve your experience when accessing our websites.
Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. Some website features may not function properly without cookies. If applicable in your jurisdiction, we will aim to provide you with options around the cookies set by our website.
The information collected by these tools may include the IP address of the device you are using and information about sites that IP address has come from, the pages accessed on our site and the next site visited. This information does not usually identify you but may be combined with other information to identify you. We use the information to help to track your use of our websites to improve your user experience and the quality of our services. To find out how to opt out of tailored advertising please check the options available here - http://www.networkadvertising.org/choices/.
Sale of our website
If our website, database or business is acquired by or merged with another company or business, your personal data may be transferred to the new owners so they can continue to support and operate the website and services. Provided the new owners have a privacy policy that has protections at least as high as those in this policy, by agreeing to this privacy policy, you agree to such a transfer.
Security and overseas recipients
While no system is 100% impenetrable and we cannot guarantee the safety of the information you store with us, we use industry standard or higher measures to securely store the information we hold. All information collected by us is stored on a secure cloud server. All communication between users and our platform are secured by end-to-end encryption using HTTPS protocol Secure Sockets Layer (SSL).
Additionally, we add encryption to forms (to ensure important information is inaccessible without security access), use server and application level firewalls, port control, IP blacklisting and regular backups and security breach monitoring.
We have limitations in place for the category of people who can use the database at operator level and who can access the database within our organisation.
We use physical security if we require any hardcopy storage (although we aim for complete electronic storage) and use appropriate password control to limit electronic access.
Even with these measures in place, we do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of the above precautions. By using our website, becoming a member of our services or consenting to an accommodation provider using your personal information in relation to our services, you acknowledge that you understand and agree to assume these risks
Due to the online nature of our operations and the members we have from diverse locations, it is likely personal information stored by us will cross international borders. We aim to use reputable third party providers for services including cloud storage, CRM and payments.
California Do Not Track Disclosure
Our website does not support or respond to Do Not Track (DNT) or similar signals or mechanisms. Some third-party sites we use keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting or encounter such sites, and they recognise DNT signals, your browser will likely allow you to set the DNT signal so that third parties (particularly advertisers) know you do not want to be tracked. For example, Chrome provides these instructions https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DAndroid&hl=en
Accessing and correcting your personal information
You may request copies of the information we hold about you, which will only be provided electronically. You may have the ability to make a request to amend or correct that information. If we do not agree with your requested change, we will let you know, and we will keep a copy of your request with our information.
If you are listed as a rogue guest on our database and believe this is incorrect, the onus is on you to show why we should remove your details. You may email us at admin@goodtobook.com setting out your reasons and we will consider your information. Decisions about removal or amendment of data remain with us however as the data we hold is used as a legitimate business purpose of ours.
You will need to provide proof of your identity to exercise these rights and we will also store a copy of your proof of identity with our stored information.
Problems?
If you have any concerns about our use of your personal information, please write to admin@goodtobook.com and let us know what the problem is. We will generally respond to your concerns within 30 days.
If you are not happy with how we manage your concerns, you can contact the Australian Privacy Commission, available at http://www.oaic.gov.au (if you are within Australia, or alternatively, the relevant privacy commission in your jurisdiction).
Our contact details:
Company: Good to Book Pty Ltd ABN 89 641 326 570
Email: admin@goodtobook.com
